
commit 89a0428fe3436225cdd849b23b9d7fc23ac37766
parent 0dd89ae9b35fee7e2e3b68a8a80242d84db8f324
Author: ukai <ukai>
Date:   Wed, 15 Jan 2003 17:13:21 +0000

[w3m-dev 03644] Re: Other user can see local cookie.
* cookie.c (save_cookies): return if no_rc_dir
* etc.c (tmpf_base): add cookie
	(tmpfname): use tmp_dir instead of rc_dir
* file.c (loadGeneralFile): cookie is not passed via URL
* fm.h (TMPF_COOKIE): incl
	(MAX_TMPF_TYPE): incl
	(no_rc_dir): added
	(tmp_dir): added
	(config_file): added
* local.c (Local_cookie_file): added
	(writeLocalCookie): added
	(setLocalCookie): dont set environment LOCAL_COOKIE
	(localcgi_post): writeLocalCookie
	(localcgi_get): writeLocalCookie
* main.c (config_filename): deleted
	(cmd_loadURL): arg FormList
	(main): rewrite config_file, rc
	(ldhelp): no cookie in URL
	(cmd_loadURL): arg FormList
	(goURL0): cmd_loadURL change
	(cmd_loadBuffer): cmd_loadURL change
	(adBmark): cookie is posted
	(follow_map): cmd_loadURL change
	(linkMn): cmd_loadURL change
	(reinit): init_rc change
* proto.h (create_option_search_table): deleted
	(init_rc): no args
* rc.c (create_option_search_table): static
	(init_rc): no args
		rewrite
	(optionpanel_src1): rewrite
	(load_option_panel): html_quote
	(panel_set_option): no_rc_dir
* w3mbookmark.c: rewrite
* w3mhelperpanel.c: rewrite
* scripts/dirlist.cgi.in: rewrite
* scripts/w3mhelp.cgi.in: rewrite
* scripts/w3mmail.cgi.in: rewrite
* scripts/multipart/multipart.cgi.in: rewrite
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>

Diffstat:
MChangeLog | 43+++++++++++++++++++++++++++++++++++++++++++
Mcookie.c | 2+-
Metc.c | 4++--
Mfile.c | 6++----
Mfm.h | 7+++++--
Mlocal.c | 22+++++++++++++++++++++-
Mmain.c | 59++++++++++++++++++++++++++++-------------------------------
Mproto.h | 3+--
Mrc.c | 68++++++++++++++++++++++++++++++++++++++++++++------------------------
Mscripts/dirlist.cgi.in | 61++++++++++++++++++++++++++-----------------------------------
Mscripts/multipart/multipart.cgi.in | 25+++++--------------------
Mscripts/w3mhelp.cgi.in | 16+---------------
Mscripts/w3mmail.cgi.in | 31+++++++++++++++++++++----------
Mw3mbookmark.c | 119++++++++++++++++++++++++++++++++++++++++++++-----------------------------------
Mw3mhelperpanel.c | 72+++++++++++++++++++++++++++++++++++++++++++++++-------------------------
15 files changed, 314 insertions(+), 224 deletions(-)

diff --git a/ChangeLog b/ChangeLog @@ -1,3 +1,46 @@ +2003-01-16 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> + + * [w3m-dev 03644] Re: Other user can see local cookie. + * cookie.c (save_cookies): return if no_rc_dir + * etc.c (tmpf_base): add cookie + (tmpfname): use tmp_dir instead of rc_dir + * file.c (loadGeneralFile): cookie is not passed via URL + * fm.h (TMPF_COOKIE): incl + (MAX_TMPF_TYPE): incl + (no_rc_dir): added + (tmp_dir): added + (config_file): added + * local.c (Local_cookie_file): added + (writeLocalCookie): added + (setLocalCookie): dont set environment LOCAL_COOKIE + (localcgi_post): writeLocalCookie + (localcgi_get): writeLocalCookie + * main.c (config_filename): deleted + (cmd_loadURL): arg FormList + (main): rewrite config_file, rc + (ldhelp): no cookie in URL + (cmd_loadURL): arg FormList + (goURL0): cmd_loadURL change + (cmd_loadBuffer): cmd_loadURL change + (adBmark): cookie is posted + (follow_map): cmd_loadURL change + (linkMn): cmd_loadURL change + (reinit): init_rc change + * proto.h (create_option_search_table): deleted + (init_rc): no args + * rc.c (create_option_search_table): static + (init_rc): no args + rewrite + (optionpanel_src1): rewrite + (load_option_panel): html_quote + (panel_set_option): no_rc_dir + * w3mbookmark.c: rewrite + * w3mhelperpanel.c: rewrite + * scripts/dirlist.cgi.in: rewrite + * scripts/w3mhelp.cgi.in: rewrite + * scripts/w3mmail.cgi.in: rewrite + * scripts/multipart/multipart.cgi.in: rewrite + 2003-01-16 Fumitoshi UKAI <ukai@debian.or.jp> * file.c (loadGopherDir): convertLine RAW_MODE diff --git a/cookie.c b/cookie.c @@ -417,7 +417,7 @@ save_cookies(void) check_expired_cookies(); - if (!First_cookie || is_saved || rc_dir_is_tmp) + if (!First_cookie || is_saved || no_rc_dir) return; cookie_file = rcFile(COOKIE_FILE); diff --git a/etc.c b/etc.c 
@@ -1503,7 +1503,7 @@ file_to_url(char *file) } static char *tmpf_base[MAX_TMPF_TYPE] = { - "tmp", "src", "frame", "cache" + "tmp", "src", "frame", "cache", "cookie", }; static unsigned int tmpf_seq[MAX_TMPF_TYPE]; @@ -1512,7 +1512,7 @@ tmpfname(int type, char *ext) { Str tmpf; tmpf = Sprintf("%s/w3m%s%d-%d%s", - rc_dir, + tmp_dir, tmpf_base[type], CurrentPid, tmpf_seq[type]++, (ext) ? ext : ""); pushText(fileToDelete, tmpf->ptr); diff --git a/file.c b/file.c @@ -1550,10 +1550,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, return NULL; if (S_ISDIR(st.st_mode)) { if (UseExternalDirBuffer) { - Str cmd = Sprintf("%s?cookie=%s&dir=%s#current", - DirBufferCommand, - (Str_form_quote(Local_cookie))->ptr, - pu.file); + Str cmd = Sprintf("%s?dir=%s#current", + DirBufferCommand, pu.file); b = loadGeneralFile(cmd->ptr, NULL, NO_REFERER, 0, NULL); if (b != NULL && b != NO_BUFFER) { diff --git a/fm.h b/fm.h @@ -742,7 +742,8 @@ typedef struct http_request { #define TMPF_SRC 1 #define TMPF_FRAME 2 #define TMPF_CACHE 3 -#define MAX_TMPF_TYPE 4 +#define TMPF_COOKIE 4 +#define MAX_TMPF_TYPE 5 #define set_no_proxy(domains) (NO_proxy_domains=make_domain_list(domains)) @@ -1017,8 +1018,10 @@ global char UseGraphicChar init(TRUE); extern char alt_rule[]; #endif /* not KANJI_SYMBOLS */ extern char UseAltEntity; +global int no_rc_dir init(FALSE); global char *rc_dir; -global int rc_dir_is_tmp init(FALSE); +global char *tmp_dir; +global char *config_file init(NULL); #ifdef USE_MOUSE global int use_mouse init(TRUE); diff --git a/local.c b/local.c 
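Review bot: In `tmpfname`, the new `tmp_dir` argument still feeds a name built only from a fixed prefix, `CurrentPid` and a per-type counter, and with this commit's `init_rc` fallback `tmp_dir` can be `$TMPDIR`, `$TMP`, `$TEMP` or `/tmp`. A predictable path in a shared directory is only safe if every caller creates the file exclusively and owner-only, and nothing in this hunk enforces that. I would either document that contract on `tmpfname` (callers must create with `O_CREAT | O_EXCL` and mode 0600) or have the fallback create a private directory with `mkdtemp` and point `tmp_dir` at it. The body of `tmpfname` runs past the end of the hunk.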
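Review bot: In the `loadGeneralFile` hunk, `pu.file` goes into the query string unescaped, `Sprintf("%s?dir=%s#current", DirBufferCommand, pu.file)`, while dirlist.cgi splits the query on `&` and form-decodes `dir`. Unless `pu.file` is already form-encoded at this point (not visible here), a directory name containing `&`, `#`, `+` or `%` would be decoded as something other than the directory the user opened. Quoting it the way the removed cookie argument was quoted, `Str_form_quote(Strnew_charp(pu.file))->ptr`, keeps the value intact.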
@@ -23,6 +23,25 @@ #define CGIFN_CONTAIN_SLASH 4 +static char *Local_cookie_file = NULL; + +static void +writeLocalCookie() +{ + FILE *f; + + if (no_rc_dir) + return; + Local_cookie_file = tmpfname(TMPF_COOKIE, NULL)->ptr; + set_environ("LOCAL_COOKIE_FILE", Local_cookie_file); + f = fopen(Local_cookie_file, "wb"); + if (!f) + return; + fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f); + fclose(f); + chmod(Local_cookie_file, S_IRUSR | S_IWUSR); +} + /* setup cookie for local CGI */ void setLocalCookie() @@ -31,7 +50,6 @@ setLocalCookie() gethostname(hostname, 256); Local_cookie = Sprintf("%d.%ld@%s", CurrentPid, lrand48(), hostname); - set_environ("LOCAL_COOKIE", Local_cookie->ptr); } Str @@ -395,6 +413,7 @@ localcgi_post(char *uri, char *qstr, FormList *request, char *referer) file = cgi_filename(uri, &status); if (check_local_cgi(file, status) < 0) return NULL; + writeLocalCookie(); tmp1 = tmpfname(TMPF_DFL, NULL); if ((pid = localcgi_popen_r(&f)) < 0) return NULL; @@ -459,6 +478,7 @@ localcgi_get(char *uri, char *request, char *referer) file = cgi_filename(uri, &status); if (check_local_cgi(file, status) < 0) return NULL; + writeLocalCookie(); if ((pid = localcgi_popen_r(&f)) < 0) return NULL; else if (pid) diff --git a/main.c b/main.c @@ -26,8 +26,6 @@ extern int do_getch(); #define DSTR_LEN 256 -static char *config_filename = NULL; - Hist *LoadHist; Hist *SaveHist; Hist *URLHist; @@ -71,7 +69,8 @@ JMP_BUF IntReturn; static void delBuffer(Buffer *buf); static void cmd_loadfile(char *path); -static void cmd_loadURL(char *url, ParsedURL *current, char *referer); +static void cmd_loadURL(char *url, ParsedURL *current, char *referer, + FormList *request); static void cmd_loadBuffer(Buffer *buf, int prop, int linkid); static void keyPressEventProc(int c); int show_params_p = 0; 
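Review bot: `writeLocalCookie` creates the cookie file with `fopen(..., "wb")` and only restricts it with `chmod` after the cookie has been written and the stream closed, so until then the file has whatever mode the umask allows, and `fopen` will also follow or truncate a path that already exists. Since the commit exists to keep the cookie from other local users, the file should be created exclusively and owner-only in one step, and `LOCAL_COOKIE_FILE` exported only once that has succeeded. The results of `fwrite` and `fclose` are ignored as well, so a failed write leaves an empty cookie file for the CGI helpers to read. The sketch below uses `open`/`fdopen`, which needs `<fcntl.h>` if local.c does not already include it.

```c
static void
writeLocalCookie()
{
    int fd;
    size_t n;
    FILE *f;

    if (no_rc_dir)
        return;
    Local_cookie_file = tmpfname(TMPF_COOKIE, NULL)->ptr;
    /* owner-only from creation; O_EXCL refuses an existing file or symlink */
    fd = open(Local_cookie_file, O_WRONLY | O_CREAT | O_EXCL,
              S_IRUSR | S_IWUSR);
    if (fd < 0)
        return;
    f = fdopen(fd, "wb");
    if (!f) {
        close(fd);
        unlink(Local_cookie_file);
        return;
    }
    n = fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f);
    if (fclose(f) != 0 || n != (size_t)Local_cookie->length) {
        /* do not leave a short or empty cookie file behind */
        unlink(Local_cookie_file);
        return;
    }
    set_environ("LOCAL_COOKIE_FILE", Local_cookie_file);
}
```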
@@ -383,12 +382,7 @@ main(int argc, char **argv, char **envp) CurrentDir = currentdir(); CurrentPid = (int)getpid(); BookmarkFile = NULL; - rc_dir = expandName(RC_DIR); - i = strlen(rc_dir); - if (i > 1 && rc_dir[i - 1] == '/') - rc_dir[i - 1] = '\0'; - config_filename = rcFile(CONFIG_FILE); - create_option_search_table(); + config_file = NULL; /* argument search 1 */ for (i = 1; i < argc; i++) { @@ -397,7 +391,7 @@ main(int argc, char **argv, char **envp) argv[i] = "-dummy"; if (++i >= argc) usage(); - config_filename = argv[i]; + config_file = argv[i]; argv[i] = "-dummy"; } else if (!strcmp("-h", argv[i]) || !strcmp("-help", argv[i])) @@ -410,7 +404,7 @@ main(int argc, char **argv, char **envp) } /* initializations */ - init_rc(config_filename); + init_rc(); LoadHist = newHist(); SaveHist = newHist(); @@ -2007,17 +2001,16 @@ ldhelp(void) #ifdef USE_HELP_CGI char *lang; int n; + Str tmp; lang = AcceptLang; n = strcspn(lang, ";, \t"); - cmd_loadURL(Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION - "?cookie=%s&version=%s&lang=%s", - Str_form_quote(Local_cookie)->ptr, - Str_form_quote(Strnew_charp(w3m_version))->ptr, - Str_form_quote(Strnew_charp_n(lang, n))->ptr)->ptr, - NULL, NO_REFERER); + tmp = Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION "?version=%s&lang=%s", + Str_form_quote(Strnew_charp(w3m_version))->ptr, + Str_form_quote(Strnew_charp_n(lang, n))->ptr); + cmd_loadURL(tmp->ptr, NULL, NO_REFERER, NULL); #else - cmd_loadURL(helpFile(HELP_FILE), NULL, NO_REFERER); + cmd_loadURL(helpFile(HELP_FILE), NULL, NO_REFERER, NULL); #endif } @@ -3813,7 +3806,7 @@ deletePrevBuf() } static void -cmd_loadURL(char *url, ParsedURL *current, char *referer) +cmd_loadURL(char *url, ParsedURL *current, char *referer, FormList *request) { Buffer *buf; 
@@ -3850,7 +3843,7 @@ cmd_loadURL(char *url, ParsedURL *current, char *referer) #endif /* USE_NNTP */ refresh(); - buf = loadGeneralFile(url, current, referer, 0, NULL); + buf = loadGeneralFile(url, current, referer, 0, request); if (buf == NULL) { char *emsg = Sprintf("Can't load %s", conv_from_system(url))->ptr; disp_err_message(emsg, FALSE); @@ -3925,7 +3918,7 @@ goURL0(char *prompt, int relative) } parseURL2(url, &p_url, current); pushHashHist(URLHist, parsedURL2Str(&p_url)->ptr); - cmd_loadURL(url, current, referer); + cmd_loadURL(url, current, referer, NULL); if (Currentbuf != cur_buf) /* success */ pushHashHist(URLHist, parsedURL2Str(&Currentbuf->currentURL)->ptr); } @@ -3965,7 +3958,7 @@ cmd_loadBuffer(Buffer *buf, int prop, int linkid) void ldBmark(void) { - cmd_loadURL(BookmarkFile, NULL, NO_REFERER); + cmd_loadURL(BookmarkFile, NULL, NO_REFERER, NULL); } @@ -3974,15 +3967,19 @@ void adBmark(void) { Str tmp; + FormList *request; - tmp = Sprintf("file://%s/" W3MBOOKMARK_CMDNAME - "?mode=panel&cookie=%s&bmark=%s&url=%s&title=%s", - w3m_lib_dir(), (Str_form_quote(Local_cookie))->ptr, + tmp = Sprintf("mode=panel&cookie=%s&bmark=%s&url=%s&title=%s", + (Str_form_quote(Local_cookie))->ptr, (Str_form_quote(Strnew_charp(BookmarkFile)))->ptr, (Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))-> ptr, (Str_form_quote(Strnew_charp(Currentbuf->buffername)))->ptr); - cmd_loadURL(tmp->ptr, NULL, NO_REFERER); + request = newFormList(NULL, "post", NULL, NULL, NULL, NULL, NULL); + request->body = tmp->ptr; + request->length = tmp->length; + cmd_loadURL("file:///$LIB/" W3MBOOKMARK_CMDNAME, NULL, NO_REFERER, + request); } /* option setting */ @@ -4086,7 +4083,7 @@ follow_map(struct parsed_tagarg *arg) _newT(); buf = Currentbuf; cmd_loadURL(a->url, baseURL(Currentbuf), - parsedURL2Str(&Currentbuf->currentURL)->ptr); + parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL); if (buf != Currentbuf) delBuffer(buf); else 
@@ -4095,7 +4092,7 @@ follow_map(struct parsed_tagarg *arg) return; } cmd_loadURL(a->url, baseURL(Currentbuf), - parsedURL2Str(&Currentbuf->currentURL)->ptr); + parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL); #endif } @@ -4116,7 +4113,7 @@ linkMn(void) parseURL2(l->url, &p_url, baseURL(Currentbuf)); pushHashHist(URLHist, parsedURL2Str(&p_url)->ptr); cmd_loadURL(l->url, baseURL(Currentbuf), - parsedURL2Str(&Currentbuf->currentURL)->ptr); + parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL); } static void @@ -5621,7 +5618,7 @@ reinit() char *resource = searchKeyData(); if (resource == NULL) { - init_rc(config_filename); + init_rc(); sync_with_option(); #ifdef USE_COOKIE initCookie(); @@ -5631,7 +5628,7 @@ reinit() } if (!strcasecmp(resource, "CONFIG") || !strcasecmp(resource, "RC")) { - init_rc(config_filename); + init_rc(); sync_with_option(); displayBuffer(Currentbuf, B_REDRAW_IMAGE); return; diff --git a/proto.h b/proto.h @@ -561,8 +561,7 @@ extern Str decodeMIME(char *orgstr); extern Str encodeB(char *a); extern int set_param_option(char *option); extern char *get_param_option(char *name); -extern void create_option_search_table(); -extern void init_rc(char *config_filename); +extern void init_rc(void); extern Buffer *load_option_panel(void); extern void panel_set_option(struct parsed_tagarg *); extern void sync_with_option(void); diff --git a/rc.c b/rc.c @@ -847,7 +847,7 @@ compare_table(struct rc_search_table *a, struct rc_search_table *b) return strcmp(a->param->name, b->param->name); } -void +static void create_option_search_table() { int i, j, k; 
@@ -1366,24 +1366,25 @@ sync_with_option(void) } void -init_rc(char *config_filename) +init_rc(void) { + int i; struct stat st; FILE *f; - char *tmpdir; - if (((tmpdir = getenv("TMP")) == NULL || *tmpdir == '\0') - && ((tmpdir = getenv("TEMP")) == NULL || *tmpdir == '\0') - && ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')) - tmpdir = "/tmp"; + if (config_file != NULL) + goto open_rc; + + rc_dir = expandName(RC_DIR); + i = strlen(rc_dir); + if (i > 1 && rc_dir[i - 1] == '/') + rc_dir[i - 1] = '\0'; if (stat(rc_dir, &st) < 0) { if (errno == ENOENT) { /* no directory */ if (do_mkdir(rc_dir, 0700) < 0) { fprintf(stderr, "Can't create config directory (%s)!", rc_dir); - rc_dir = tmpdir; - rc_dir_is_tmp = TRUE; - return; + goto rc_dir_err; } else { stat(rc_dir, &st); 
@@ -1391,37 +1392,56 @@ init_rc(char *config_filename) } else { fprintf(stderr, "Can't open config directory (%s)!", rc_dir); - rc_dir = tmpdir; - rc_dir_is_tmp = TRUE; - return; + goto rc_dir_err; } } if (!S_ISDIR(st.st_mode)) { /* not a directory */ fprintf(stderr, "%s is not a directory!", rc_dir); - rc_dir = tmpdir; - rc_dir_is_tmp = TRUE; - return; + goto rc_dir_err; } + if (!(st.st_mode & S_IWUSR)) { + fprintf(stderr, "%s is not writable!", rc_dir); + goto rc_dir_err; + } + no_rc_dir = FALSE; + tmp_dir = rc_dir; + + if (config_file == NULL) + config_file = rcFile(CONFIG_FILE); + + create_option_search_table(); + open_rc: /* open config file */ if ((f = fopen(etcFile(W3MCONFIG), "rt")) != NULL) { interpret_rc(f); fclose(f); } - config_file = config_filename; - if (config_file == NULL) - config_file = rcFile(CONFIG_FILE); if ((f = fopen(config_file, "rt")) != NULL) { interpret_rc(f); fclose(f); } + return; + + rc_dir_err: + no_rc_dir = TRUE; + if (((tmp_dir = getenv("TMPDIR")) == NULL || *tmp_dir == '\0') && + ((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') && + ((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0')) + tmp_dir = "/tmp"; } static char optionpanel_src1[] = - "<html><head><title>Option Setting Panel</title></head>\ -<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel&cookie=%s\">%s</a>\n" "<form method=internal action=option>"; + "<html><head><title>Option Setting Panel</title></head><body>\ +<h1 align=center>Option Setting Panel<br>(w3m version %s)</b></h1>\ +<form method=post action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "\">\ +<input type=hidden name=mode value=panel>\ +<input type=hidden name=cookie value=\"%s\">\ +<input type=submit value=\"%s\">\ +</form><br>\ +<form method=internal action=option>"; static Str to_str(struct param_ptr *p) 
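Review bot: `init_rc` jumps to `open_rc` whenever `config_file` is already set (the `goto` is in the previous hunk), and `main` sets `config_file` from `-config` before the first call, so on that path `rc_dir` and `tmp_dir` are never assigned and `create_option_search_table()` is never run. `tmpfname` would then format a NULL `tmp_dir`. Keying the shortcut on the directory setup having run, `if (rc_dir != NULL) goto open_rc;`, keeps the re-read behaviour for `reinit` without skipping first-time initialisation, provided the later `fopen(config_file, "rt")` is guarded with `config_file &&`. Separately, the `rc_dir_err` path falls off the end without building the option table or reading `etcFile(W3MCONFIG)`; if that is intended it deserves a comment, otherwise it should call `create_option_search_table()` and continue at `open_rc`.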
@@ -1458,8 +1478,8 @@ to_str(struct param_ptr *p) Buffer * load_option_panel(void) { - Str src = Sprintf(optionpanel_src1, w3m_version, - (Str_form_quote(Local_cookie))->ptr, CMT_HELPER); + Str src = Sprintf(optionpanel_src1, html_quote(w3m_version), + html_quote(Local_cookie->ptr), CMT_HELPER); struct param_ptr *p; struct sel_c *s; int x, i; @@ -1530,7 +1550,7 @@ panel_set_option(struct parsed_tagarg *arg) { FILE *f = NULL; - if (rc_dir_is_tmp) { + if (no_rc_dir) { disp_message("There's no ~/.w3m directory... config not saved", FALSE); } else { diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in @@ -33,15 +33,16 @@ $query = $ENV{'QUERY_STRING'}; $dir = ''; $cmd = ''; $cookie = ''; -# $cgi = 0; -# if ($query eq '') { -# $_ = `pwd`; # insecure? -# chop; -# s/\r$//; -# $dir = $_; -# $cgi = 0; -# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) { - foreach(split(/\&/, $query)) { +$local_cookie = ''; +foreach(split(/\&/, $query)) { + if (s/^dir=//) { + $dir = &form_decode($_); + } +} +$body = undef; +if ($ENV{'REQUEST_METHOD'} eq 'POST') { + sysread(STDIN, $body, $ENV{'CONTENT_LENGTH'}); + foreach(split(/\&/, $body)) { if (s/^dir=//) { $dir = &form_decode($_); } elsif (s/^opt(\d+)=//) { 
@@ -52,27 +53,22 @@ $cookie = ''; $cookie = &form_decode($_); } } - if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { - print <<EOF; +} +$cookie_file = $ENV{'LOCAL_COOKIE_FILE'}; +if (-f $cookie_file) { + open(F, "< $cookie_file"); + $local_cookie = <F>; + close(F); +} +if ($local_cookie eq '' || (defined($body) && $cookie ne $local_cookie)) { + print <<EOF; Content-Type: text/plain Local cookie doesn't match: It may be an illegal execution EOF - exit(1); - } - $cookie = &html_quote($cookie); - $cgi = 1; -# } else { -# $dir = $query; -# if (($dir !~ m@^/@) && -# ($WIN32 && $dir !~ /^[a-z]:/i)) { -# $_ = `pwd`; # insecure? -# chop; -# s/\r$//; -# $dir = "$_/$dir"; -# } -# $cgi = -1; -# } + exit(1); +} +$local_cookie = &html_quote($local_cookie); if ($dir !~ m@/$@) { $dir .= '/'; } @@ -88,9 +84,7 @@ if ($WIN32) { $ROOT = &cygwin_pathconv("$ROOT"); } } -if ($cgi) { - $dir = &cleanup($dir); -} +$dir = &cleanup($dir); $TYPE = $OPT[$OPT_TYPE]; $FORMAT = $OPT[$OPT_FORMAT]; @@ -117,9 +111,6 @@ EOF exit 1; } -# ($cgi > 0) && print <<EOF; -# w3m-control: DELETE_PREVBUF -# EOF print <<EOF; Content-Type: text/html @@ -404,9 +395,9 @@ sub print_form { local($_, @vs, @os, $v, $o); print <<EOF; -<form action=\"$CGI\"> +<form method=post action=\"$CGI#current\"> <center> -<table> +<table cellpadding=0> <tr valign=top> EOF foreach(0 .. 2) { @@ -433,7 +424,7 @@ EOF </table> </center> <input type=hidden name=dir value="$d"> -<input type=hidden name=cookie value="$cookie"> +<input type=hidden name=cookie value="$local_cookie"> </form> EOF } diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in 
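Review bot: The rewritten check `if ($local_cookie eq '' || (defined($body) && $cookie ne $local_cookie))` compares the cookie only for POST requests, so a plain GET with `dir=` is served whenever the cookie file is readable. That looks deliberate, since the cookie is no longer placed in URLs and the query-string loop accepts only `dir`, but nothing in the script says so. A comment above the check such as `# GET may only select the directory; options and the cookie are taken from a POST body` would keep a later edit from adding GET-settable parameters. The cookie file is also opened with the two-argument form and no error check; `open(F, '<', $cookie_file)` with a checked result is the safer spelling, and the same pattern appears in w3mmail.cgi.in.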
@@ -28,24 +28,14 @@ if (defined($query)) { } $file = &form_decode($v{'file'}); $boundary = &form_decode($v{'boundary'}); - $cookie = &form_decode($v{'cookie'}); - if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { - print <<EOF; -Content-Type: text/plain - -Local cookie doesn't match: It may be an illegal execution -EOF - exit(1); - } } else { $file = $ARGV[0]; if (@ARGV >= 2) { $boundary = $ARGV[1]; } - $cookie = $ENV{'LOCAL_COOKIE'}; } - -open(F, "< $file"); +(-f $file) || exit(1); +open(F, "< $file") || exit(1); $end = 0; $mbody = ''; if (defined($boundary)) { @@ -131,7 +121,6 @@ if (defined($v{'count'})) { $qcgi = &html_quote($CGI); $qfile = &html_quote($file); $qboundary = &html_quote($boundary); -$qcookie = &html_quote($cookie); if ($mbody =~ /\S/) { $_ = $mbody; @@ -196,20 +185,16 @@ while(! $end) { s/\>/\&gt;/g; print "<pre>\n"; print $_; - print "\n</pre>\n"; + print "</pre>\n"; if ($type =~ /name=\"?([^\"]+)\"?/ || $dispos =~ /filename=\"?([^\"]+)\"?/) { $name = $1; } else { $name = "Content"; } - print "<form method=POST action=\"$qcgi?$count\">\n"; - print "<input type=hidden name=file value=\"$qfile\">\n"; - print "<input type=hidden name=boundary value=\"$qboundary\">\n"; - print "<input type=hidden name=cookie value=\"$qcookie\">\n"; - print "<input type=hidden name=count value=\"$count\">\n"; + print "<form action=\"$qcgi?file=$qfile&amp;boundary=$qboundary&amp;count=$count\">\n"; if ($image) { - print "<input type=image name=submit src=\"$CGI?file=$qfile&amp;boundary=$qboundary&amp;cookie=$qcookie&amp;count=$count\" alt=\"", + print "<input type=image name=submit src=\"$qcgi?file=$qfile&amp;boundary=$qboundary&amp;count=$count\" alt=\"", &html_quote($name), "\">\n"; } else { print "<input type=submit name=submit value=\"", diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in 
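Review bot: With the cookie comparison removed in this hunk, `file` from the query string is opened after only a `-f` test, so the script reads any regular file the user can read for whatever request reaches it. If that is the intended trust model now that the cookie is kept out of URLs, a comment at the `open` should say so and name what restricts which pages may invoke local CGI. The two-argument `open(F, "< $file")` also strips leading and trailing whitespace from the name, so it can open a different path from the one `-f` tested; `open(F, '<', $file) || exit(1);` opens exactly that path.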
@@ -49,18 +49,6 @@ if (defined($ENV{'QUERY_STRING'})) { $lang = $tlang; } } - if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) { - $cookie = $2; - $cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge; - } -} -if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { - print <<EOF; -Content-Type: text/plain - -Local cookie doesn't match: It may be an illegal execution -EOF - exit(1); } %f = %keyfunc; @@ -115,9 +103,7 @@ HEADING $q_version = $version; $q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge; -$q_cookie = $cookie; -$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge; -$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&amp;lang="; +$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&amp;lang="; # doc:en_English doc-jp:ja_Japanese for $otherlang (@docdirs) { diff --git a/scripts/w3mmail.cgi.in b/scripts/w3mmail.cgi.in @@ -5,11 +5,17 @@ $rcsid = q$Id$; ($prog=$0) =~ s/.*\///; $query = $ENV{'QUERY_STRING'}; -$local_cookie = $ENV{'LOCAL_COOKIE'}; +$cookie_file = $ENV{'LOCAL_COOKIE_FILE'}; +$local_cookie = ''; $SENDMAIL = '/usr/lib/sendmail'; $SENDMAIL = '/usr/sbin/sendmail' if -x '/usr/sbin/sendmail'; $SENDMAIL_OPT = '-oi -t'; +if (-f $cookie_file) { + open(F, "< $cookie_file"); + $local_cookie = <F>; + close(F); +} if ($query =~ s/^\w+://) { $url = $query; $qurl = &html_quote($url); @@ -43,8 +49,9 @@ if ($query =~ s/^\w+://) { print "\r\n"; print "<html><head><title>W3M Mailer: $qurl</title></head>\n"; print "<body><h1>W3M Mailer: $qurl</h1>\n"; - print "<form action='file://$0' method='POST'>\n"; - print "<input type='hidden' name='cookie' value='$local_cookie'>\n"; + print "<form action=\"file://$0\" method='POST'>\n"; + $local_cookie = &html_quote($local_cookie); + print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n"; print "<table>\n"; foreach $h ('from', 'to', 'cc', 'bcc', 'subject') { $v = &lang_html_quote($opt{$h}); 
@@ -52,6 +59,7 @@ if ($query =~ s/^\w+://) { delete $opt{$h}; } if ($boundary) { + $boundary = &html_quote($boundary); print "<tr><td>Content-Type:<td>multipart/form-data; boundary=\"$boundary\"\n"; print "<input type='hidden' name='boundary' value=\"$boundary\">\n"; } @@ -98,8 +106,9 @@ if ($query =~ s/^\w+://) { print "<html><head><title>W3M Mailer</title></head>\n"; print "<body>\n"; print "<h1>W3M Mailer: preview</h1>\n"; - print "<form action='$0' method='POST'>\n"; - print "<input type='hidden' name='cookie' value='$local_cookie'>\n"; + print "<form action=\"file://$0\" method='POST'>\n"; + $local_cookie = &html_quote($local_cookie); + print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n"; print "<hr>\n"; print "<pre>\n"; foreach $h (keys %opt) { @@ -112,13 +121,15 @@ if ($query =~ s/^\w+://) { ($cs,$cte,$body) = &lang_body(&lang_html_quote($body), 0); print "Mime-Version: 1.0\n"; if ($boundary) { + $boundary = &html_quote($boundary); print "Content-Type: multipart/form-data;\n"; print " boundary=\"$boundary\"\n"; } else { print "Content-Type: text/plain; charset=$cs\n"; } # print "Content-Transfer-Encoding: $cte\n"; - print "User-Agent: $ENV{'SERVER_SOFTWARE'} $prog/$id\n"; + print "User-Agent: ", &html_quote("$ENV{'SERVER_SOFTWARE'} $prog/$id"), + "\n"; print "\n"; print $body; print "\n" if ($body !~ /\n$/); @@ -137,10 +148,10 @@ if ($query =~ s/^\w+://) { foreach $h (keys %opt) { $qh = &html_quote($h); print "<tr><td>\u$qh:<td>$v{$h}\n"; - print "<input type='hidden' name=\"$qh\" value=\"$v\">\n"; + print "<input type='hidden' name=\"$qh\" value=\"$v{$h}\">\n"; } print "<tr><td colspan=2>\n"; - print "<textarea cols=40 rows=10 name='body'>\n"; + print "<textarea cols=40 rows=10 name=body>\n"; if ($body) { print $body; } 
@@ -158,7 +169,7 @@ if ($query =~ s/^\w+://) { print "\r\n"; print "<html><head><title>W3M Mailer</title></head>\n"; print "<body><h1>W3M Mailer: open sendmail failed</h1>\n"; - print "<p>$@</p>\n"; + print "<p>", &html_quote($@), "</p>\n"; print "</body></html>\n"; exit(0); } @@ -189,7 +200,7 @@ if ($query =~ s/^\w+://) { print "\r\n"; print "<html><head><title>W3M Mailer</title></head>\n"; print "<body><h1>W3M Mailer: close sendmail failed</h1>\n"; - print "<p>$@</p>\n"; + print "<p>", &html_quote($@), "</p>\n"; print "</body></html>\n"; } } diff --git a/w3mbookmark.c b/w3mbookmark.c @@ -1,7 +1,5 @@ /* $Id$ */ -#ifdef __EMX__ #include <stdlib.h> -#endif #include <stdio.h> #include "config.h" #include "Str.h" 
@@ -10,46 +8,47 @@ #include "parsetag.h" #if LANG == JA -static char *bkmark_src1 = "<html><head><title>Bookmark Registration</title>\n\ -<body><h1>ブックマークの登録</h1>\n\n" "<form method=get action=\"file://%s/" W3MBOOKMARK_CMDNAME "\">\n\n" "<input type=hidden name=mode value=register>\n\ -<input type=hidden name=bmark value=\"%s\">\n\ -<table cellpadding=0>\n"; +#define BKMARK_TITLE "ブックマークの登録" +#define BKMARK_ADD "登録" +#define DEFAULT_SECTION "未分類" +#else +#define BKMARK_TITLE "Register to my bookmark" +#define BKMARK_ADD "ADD" +#define DEFAULT_SECTION "Miscellaneous" +#endif -static char *bkmark_src2 = - "<tr><td>New Section:</td><td><input type=text name=newsection width=60></td></tr>\n\ -<tr><td>URL:</td><td><input type=text name=url value=\"%s\" width=60></td></tr>\n\ -<tr><td>Title:</td><td><input type=text name=title value=\"%s\" width=60></td></tr>\n\ -<tr><td><input type=submit name=submit value=\"登録\"></td>\n\ -</table>\n\ -<input type=hidden name=cookie value=\"%s\">\ -</form>\ -</body></html>\n"; -static char *default_section = "未分類"; -#else /* LANG != JA */ -static char *bkmark_src1 = "<html><head><title>Bookmark Registration</title>\n\ -<body><h1>Register to my bookmark</h1>\n\n" "<form method=get action=\"file://%s/" W3MBOOKMARK_CMDNAME "\">\n\n" "<input type=hidden name=mode value=register>\n\ +static char *bkmark_src1 = + "<html>\n\ +<head>\n\ +<title>" BKMARK_TITLE "</title>\n\ +</head>\n\ +<body>\n\ +<h1>" BKMARK_TITLE "</h1>\n\ +<form method=post action=\"file:///$LIB/" W3MBOOKMARK_CMDNAME "\">\n\ +<input type=hidden name=mode value=register>\n\ <input type=hidden name=bmark value=\"%s\">\n\ +<input type=hidden name=cookie value=\"%s\">\n\ <table cellpadding=0>\n"; static char *bkmark_src2 = - "<tr><td>New Section:</td><td><input type=text name=newsection width=60></td></tr>\n\ -<tr><td>URL:</td><td><input type=text name=url value=\"%s\" width=60></td></tr>\n\ -<tr><td>Title:</td><td><input type=text name=title value=\"%s\" width=60></td></tr>\n\ 
-<tr><td><input type=submit name=submit value=\"ADD\"></td>\n\ + "<tr><td>New&nbsp;Section:<td><input type=text name=newsection size=60>\n\ +<tr><td>URL:<td><input type=text name=url value=\"%s\" size=60>\n\ +<tr><td>Title:<td><input type=text name=title value=\"%s\" size=60>\n\ +<tr><td><input type=submit value=\"" BKMARK_ADD "\">\n\ </table>\n\ -<input type=hidden name=cookie value=\"%s\">\ -</form>\ -</body></html>\n"; -static char *default_section = "Miscellaneous"; -#endif /* LANG != JA */ +</form>\n\ +</body>\n\ +</html>\n"; +#undef FALSE #define FALSE 0 -#define T 1 +#undef TRUE +#define TRUE 1 static char end_section[] = "<!--End of section (do not delete this comment)-->\n"; -char *Local_cookie; +static char *Local_cookie = NULL; void print_bookmark_panel(char *bmark, char *url, char *title) @@ -59,7 +58,7 @@ print_bookmark_panel(char *bmark, char *url, char *title) char *p; printf("Content-Type: text/html\n\n"); - printf(bkmark_src1, w3m_lib_dir(), bmark); + printf(bkmark_src1, html_quote(bmark), html_quote(Local_cookie)); if ((f = fopen(bmark, "r")) != NULL) { printf("<tr><td>Section:<td><select name=\"section\">\n"); while (tmp = Strfgets(f), tmp->length > 0) { @@ -69,13 +68,13 @@ print_bookmark_panel(char *bmark, char *url, char *title) tmp2 = Strnew(); while (*p && *p != '<') Strcat_char(tmp2, *p++); - printf("<option value=\"%s\">%s</option>", tmp2->ptr, + printf("<option value=\"%s\">%s\n", tmp2->ptr, tmp2->ptr); } } printf("</select>\n"); } - printf(bkmark_src2, html_quote(url), html_quote(title), Local_cookie); + printf(bkmark_src2, html_quote(url), html_quote(title)); } /* create new bookmark */ @@ -117,7 +116,7 @@ insert_bookmark(char *bmark, struct parsed_tagarg *data) if (section == NULL || *section == '\0') section = tag_get_value(data, "section"); if (section == NULL || *section == '\0') - section = default_section; + section = DEFAULT_SECTION; if (url == NULL || *url == '\0' || title == NULL || *title == '\0') { /* Bookmark not added */ 
@@ -175,7 +174,9 @@ int main(int argc, char *argv[], char **envp) { extern char *getenv(); - char *qs; + char *p; + int length; + Str qs = NULL; struct parsed_tagarg *cgiarg; char *mode; char *bmark; @@ -183,21 +184,33 @@ main(int argc, char *argv[], char **envp) char *title; char *sent_cookie; - if ((qs = getenv("QUERY_STRING")) == NULL) { - printf("Content-Type: text/plain\n\n"); - printf("Incomplete Request: no QUERY_STRING\n"); - exit(1); + p = getenv("REQUEST_METHOD"); + if (p == NULL || strcasecmp(p, "post")) + goto request_err; + p = getenv("CONTENT_LENGTH"); + if (p == NULL || (length = atoi(p)) <= 0) + goto request_err; + + qs = Strfgets(stdin); + Strchop(qs); + if (qs->length != length) + goto request_err; + cgiarg = cgistr2tagarg(qs->ptr); + + p = getenv("LOCAL_COOKIE_FILE"); + if (p) { + FILE *f = fopen(p, "r"); + if (f) { + Local_cookie = Strfgets(f)->ptr; + fclose(f); + } } - - cgiarg = cgistr2tagarg(qs); - - Local_cookie = getenv("LOCAL_COOKIE"); sent_cookie = tag_get_value(cgiarg, "cookie"); if (sent_cookie == NULL || Local_cookie == NULL || strcmp(sent_cookie, Local_cookie) != 0) { /* local cookie doesn't match: It may be an illegal invocation */ - printf("Content-Type: text/plain\n"); - printf("\nLocal cookie doesn't match: It may be an illegal invocation\n"); + printf("Content-Type: text/plain\n\n"); + printf("Local cookie doesn't match: It may be an illegal invocation\n"); exit(1); } @@ -205,12 +218,8 @@ main(int argc, char *argv[], char **envp) bmark = expandPath(tag_get_value(cgiarg, "bmark")); url = tag_get_value(cgiarg, "url"); title = tag_get_value(cgiarg, "title"); - if (bmark == NULL || url == NULL) { - /* incomplete request */ - printf("Content-Type: text/plain\n\n"); - printf("Incomplete Request: QUERY_STRING=%s\n", qs); - exit(1); - } + if (bmark == NULL || url == NULL) + goto request_err; if (mode && !strcmp(mode, "panel")) { if (title == NULL) title = ""; 
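Review bot: In `main`, `Local_cookie` now comes from the first line of the file named by `LOCAL_COOKIE_FILE`, and the unchanged comparison below it accepts any two equal strings, including two empty ones. An empty or truncated cookie file (for instance after a failed write in `writeLocalCookie`) would therefore match a request whose `cookie` field decodes to an empty string; dirlist.cgi.in in this commit rejects that case with `$local_cookie eq ''`. Adding `*Local_cookie == '\0'` to the rejection condition closes it, and the same applies to `local_cookie` in w3mhelperpanel.c's `main`. `CONTENT_LENGTH` is parsed with `atoi`, which cannot report a malformed value; `strtol` with an end-pointer check would.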
@@ -220,8 +229,14 @@ main(int argc, char *argv[], char **envp) printf("Content-Type: text/plain\n"); if (insert_bookmark(bmark, cgiarg)) { printf("w3m-control: BACK\n"); - printf("w3m-control: BACK\n\n"); + printf("w3m-control: BACK\n"); } + printf("\n"); } return 0; + + request_err: + printf("Content-Type: text/plain\n\n"); + printf("Incomplete Request: %s\n", qs ? qs->ptr : "(null)"); + exit(1); } diff --git a/w3mhelperpanel.c b/w3mhelperpanel.c @@ -2,6 +2,7 @@ #include <errno.h> #include <stdlib.h> #include <stdio.h> +#include <string.h> #include "config.h" #include "Str.h" #include "indep.h" @@ -18,7 +19,7 @@ #define MSG_DELETE "削除" #define MSG_DOIT "実行" #else /* LANG != JA */ -#define MSG_TITLE "External Viewers" +#define MSG_TITLE "External Viewers Setup" #define MSG_NEW_ENTRY "New Entry" #define MSG_TYPE "Type" #define MSG_COMMAND "Command" 
@@ -81,32 +82,33 @@ printMailcapPanel(char *mailcap) } } printf("Content-Type: text/html\n\n"); - printf - ("<html><head><title>External Viewer Setup</title></head><body><h1>%s</h1>\n", - MSG_TITLE); - printf("<form method=get action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME + printf("<html>\n<head>\n<title>%s</title>\n</head>\n<body>\n<h1>%s</h1>\n", + MSG_TITLE, MSG_TITLE); + printf("<form method=post action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "\">\n"); printf("<input type=hidden name=mode value=edit>\n"); - printf("<input type=hidden name=cookie value=\"%s\">\n", local_cookie); - printf - ("%s: %s=<input type=text name=newtype><br>%s=<input type=text name=newcmd><br><input type=submit name=submit value=\"%s\">\n", - MSG_NEW_ENTRY, MSG_TYPE, MSG_COMMAND, MSG_REGISTER); - printf - ("<p><hr width=50%%><p><table border='0' cellpadding='0'><tr><th>&nbsp;&nbsp;<th><b>%s</b><th><b>%s</b>\n", - MSG_TYPE, MSG_COMMAND); + printf("<input type=hidden name=cookie value=\"%s\">\n", + html_quote(local_cookie)); + printf("<table>\n<tr><td>%s:<td>%s=<input type=text name=newtype size=40>\n\ +<tr><td><td>%s=<input type=text name=newcmd size=40>\n\ +<tr><td><input type=submit name=submit value=\"%s\">\n</table>\n", + MSG_NEW_ENTRY, MSG_TYPE, MSG_COMMAND, MSG_REGISTER); + printf("<p><hr width=50%%><p>\n<table border='0' cellpadding='0'>\n\ +<tr><th align=left><b>%s</b><th><b>%s</b>\n", + MSG_TYPE, MSG_COMMAND); while (tmp = Strfgets(f), tmp->length > 0) { if (tmp->ptr[0] == '#') continue; Strchop(tmp); extractMailcapEntry(tmp->ptr, &type, &viewer); - printf("<tr valign=top><td><td>%s<td>%s<td>", html_quote(type), + printf("<tr valign=top><td>%s<td>%s<td nowrap>", html_quote(type), html_quote(viewer)); printf("<input type=checkbox name=delete value=\"%s\">%s\n", html_quote(type), MSG_DELETE); } - printf - ("</table><input type=submit name=submit value=\"%s\"></form></body></html>\n", - MSG_DOIT); + printf("</table>\n<input type=submit name=submit value=\"%s\">\n</form>\n\ 
+</body>\n</html>\n", + MSG_DOIT); } void @@ -159,17 +161,34 @@ main(int argc, char *argv[], char **envp) { Str mailcapfile; extern char *getenv(); - char *qs; + char *p; + int length; + Str qs = NULL; struct parsed_tagarg *cgiarg; char *mode; char *sent_cookie; - if ((qs = getenv("QUERY_STRING")) == NULL) - exit(1); - - cgiarg = cgistr2tagarg(qs); - - local_cookie = getenv("LOCAL_COOKIE"); + p = getenv("REQUEST_METHOD"); + if (p == NULL || strcasecmp(p, "post")) + goto request_err; + p = getenv("CONTENT_LENGTH"); + if (p == NULL || (length = atoi(p)) <= 0) + goto request_err; + + qs = Strfgets(stdin); + Strchop(qs); + if (qs->length != length) + goto request_err; + cgiarg = cgistr2tagarg(qs->ptr); + + p = getenv("LOCAL_COOKIE_FILE"); + if (p) { + FILE *f = fopen(p, "r"); + if (f) { + local_cookie = Strfgets(f)->ptr; + fclose(f); + } + } sent_cookie = tag_get_value(cgiarg, "cookie"); if (local_cookie == NULL || sent_cookie == NULL || strcmp(local_cookie, sent_cookie) != 0) { @@ -178,8 +197,7 @@ main(int argc, char *argv[], char **envp) } mode = tag_get_value(cgiarg, "mode"); - mailcapfile = Strnew_charp(expandPath(RC_DIR)); - Strcat_charp(mailcapfile, "/mailcap"); + mailcapfile = Strnew_charp(expandPath(USER_MAILCAP)); if (mode && !strcmp(mode, "edit")) { char *referer; /* check if I can edit my mailcap */ @@ -198,4 +216,8 @@ main(int argc, char *argv[], char **envp) printMailcapPanel(mailcapfile->ptr); } return 0; + + request_err: + bye("Incomplete Request:", qs ? qs->ptr : "(null)"); + exit(1); }